Udostępnij za pośrednictwem


How to: Add Assemblies to Security Policy Using Caspol.exe

An assembly that implements a custom permission, or implements any other custom security object that is not included in the .NET Framework, must be added to the fully trusted assembly list. You can do this using the Code Access Security Policy tool (Caspol.exe). There is a separate list for each policy level. The fully trusted assembly list grants its members full trust for the related policy level. This is necessary to keep the runtime from performing circular policy resolutions.

To add an assembly that implements a custom security object to the fully trusted assembly list

  1. Before you add an assembly to security policy, you must give it a strong name and put it in the global assembly cache. For more information about working with assemblies and the global assembly cache, see Creating and Using Strong-Named Assemblies.

  2. Type the following command at the command prompt:

    caspol [-enterprise|-machine|-user] –addfulltrust AssemblyFile

    Specify the policy-level option before the –addfulltrust option. If you omit the policy-level option, Caspol.exe lists the permission sets at the default policy level. For computer administrators, the default level is the machine policy level; for others, it is the user policy level.

    The following command adds MyCustomPermissionSet.exe to the user policy level's fully trusted assembly list.

    caspol –user –addfulltrust MyCustomPermissionSet.exe
    
  3. If the assembly you add depends on another assembly (that is, uses types implemented in another assembly), you must also add that assembly to the list.

Adding an assembly to a fully trusted assembly list does not guarantee that it will be granted full trust by the policy system as a whole, but only that it will be granted full trust at the policy level where it is listed. For example, if you add the MyCustomPermission.exe assembly to the user policy level's fully trusted assembly list, but MyCustomPermission.exe receives only execution rights from machine policy, MyCustomPermission.exe would eventually be granted only execution rights. It is therefore important to remember that putting an assembly into the fully trusted assembly list only helps avoid creating circular policy resolutions for the policy level where it is listed. It does not guarantee that the assembly implementing the custom permission actually receives a full trust grant.

See Also

Reference

Caspol.exe (Code Access Security Policy Tool)

Concepts

Security Policy Model

Other Resources

Configuring Security Policy Using the Code Access Security Policy Tool (Caspol.exe)

Configuring Permission Sets Using Caspol.exe